- name: enforce certain packages previously assumed from kickstarts
  action: yum name=$item state=installed
  with_items:
  - postfix
  - joe
  - perl

- name: set root passwd
  action: user name=root password=$builder_rootpw state=present

- name: add mock user as 425
  action: user name=mock uid=425 state=present home=/var/lib/mock createhome=yes system=yes

- name: make mock homedir perms
  action: file state=directory path=/var/lib/mock mode=2775 owner=root group=mock

- name: add mock ssh dir
  action: file state=directory path=/var/lib/mock/.ssh mode=700 owner=mock group=mock

- name: add mock ssh keys
  action: copy src=$files/kojibuilder/mock_auth_keys dest=/var/lib/mock/.ssh/authorized_keys mode=640 owner=mock group=mock

- name: add kojibuilder
  action: user name=kojibuilder groups=mock 

- name: add mockbuilder
  action: user name=mockbuilder groups=mock

- name: mockbuilder .ssh dir
  action: file state=directory path=/home/mockbuilder/.ssh mode=700 owner=mockbuilder group=mockbuilder

- name: mockbuilder ssh key
  action: copy src=$files/kojibuilder/ftbfs_auth_keys dest=/home/mockbuilder/.ssh/authorized_keys mode=644 owner=mockbuilder group=mockbuilder

- name: iptables
  action: template src=$files/iptables/kojibuilder dest=/etc/sysconfig/iptables mode=600
  notify:
  - restart iptables

- name: sshd_config
  action: copy src=$files/ssh/sshd_config.kojibuilder dest=/etc/ssh/sshd_config mode=600
  notify:
  - restart sshd

- name: /etc/resolv.conf
  action: copy src=$files/resolv.conf/kojibuilder dest=/etc/resolv.conf

- name: add to hosts
  action: copy src=$files/hosts/kojibuilder-hosts dest=/etc/hosts

- name: rsyslog.conf
  action: copy src=$files/rsyslog/rsyslog.conf.kojibuilder dest=/etc/rsyslog.conf mode=644
  notify:
  - restart rsyslog

- name: /etc/postfix/main.cf
  action: copy src=$files/postfix/main.cf.norelay dest=/etc/postfix/main.cf
  notify:
  - restart postfix

- name: make a bunch of dirs
  action: file state=directory path=$item
  with_items:
    - /pub
    - /mnt/fedora_koji
    - /pub/fedora
    - /pub/epel
    - /var/spool/rsyslog

- name: add builder infra yum repo
  action: copy src=$files/kojibuilder/builder-infrastructure.repo dest=/etc/yum.repos.d/builder-infrastructure.repo

- name: clean up packages we do not need
  action: yum state=removed pkg=$item
  with_items:
    - audit
    - 'cronie\*'

- name: add pkgs
  action: yum  state=installed pkg=$item
  with_items:
    - yum-utils
    - koji-builder
    - strace
    - mock
    - nfs-utils
    - kernel-firmware
    - ntp
    - ntpdate

- name: /etc/kojid/kojid.conf
  action: copy src=$files/kojibuilder/kojid.conf dest=/etc/kojid/kojid.conf
  only_if: "not '${inventory_hostname}'.startswith(('arm01','arm03'))"
  notify:
  - restart kojid


- name: arm /etc/kojid/kojid.conf
  action: copy src=$files/kojibuilder/arm-kojid.conf dest=/etc/kojid/kojid.conf
  only_if: "'${inventory_hostname}'.startswith(('arm01','arm03'))"
  notify:
  - restart kojid

- name: /etc/koji/koji.conf
  action: copy src=$files/kojibuilder/koji.conf dest=/etc/koji.conf
  only_if: "not '${inventory_hostname}'.startswith(('arm01','arm03'))"

- name: /etc/koji/koji.conf
  action: copy src=$files/kojibuilder/arm-koji.conf dest=/etc/koji.conf
  only_if: "'${inventory_hostname}'.startswith(('arm01','arm03'))"

- name: copy over koji ca cert
  action: copy src=$private/files/koji/buildercerts/fedora-ca.cert dest=/etc/kojid/cacert.pem

- name: copy over /etc/security/limits.conf
  action: copy src=$files/kojibuilder/limits.conf dest=/etc/security/limits.conf

- name: copy over builder cert to /etc/kojid/kojibuilder.pem
  action: copy src=$private/files/koji/buildercerts/${inventory_hostname}.pem dest=/etc/kojid/kojibuilder.pem mode=600   

- name: chkconfig kojid on and leave it running
  action: service name=kojid enabled=on
#  action: service name=kojid enabled=on state=started

- name: copy over authorized keys for root
  action: copy src=$files/kojibuilder/root_auth_keys dest=/root/.ssh/authorized_keys mode=644

# idmapd and make sure it's set to run
- name: idmapd.conf
  action: copy src=$files/kojibuilder/idmapd.conf dest=/etc/idmapd.conf
  tags:
  - configs
- name: enable nfs-related services and run them
  action: service name=$item  enabled=true state=started
  with_items:
  - rpcidmapd
  - rpcbind
  - nfs
  - nfslock

- name: route config for netapp network
  action: copy src=$files/kojibuilder/route-eth1 dest=/etc/sysconfig/network-scripts/route-eth1

- name: add netapp network route
  action: command /etc/sysconfig/network-scripts/ifup-routes eth1

- name: nfs mount points
  action: mount name=/mnt/fedora_koji src=vtap-fedora-nfs01.storage.phx2.redhat.com:/vol/fedora_koji fstype=nfs opts=ro,hard,bg,intr,noatime,nodev,nosuid passno=0 dump=0 state=mounted
  only_if: "'${inventory_hostname}'.startswith('build')"

- name: make a mnt/koji link
  action: file state=link src=/mnt/fedora_koji/koji dest=/mnt/koji
  only_if: "'${inventory_hostname}'.startswith('build')"

# mock configs for pungify job
- name: put extra special  mock configs in
  action: copy src=$files/kojibuilder/builders/$item dest=/etc/mock/$item mode=644
  with_items:
    - fedora-branched-pungi-i386.cfg
    - fedora-branched-pungi-x86_64.cfg
    - fedora-rawhide-pungi-i386.cfg
    - fedora-rawhide-pungi-x86_64.cfg

- name: ntp steptickers
  action: copy src=$files/common/step-tickers dest=/etc/ntp/step-tickers

- name: ntp.conf
  action: copy src=$files/common/ntp.conf dest=/etc/ntp.conf

- name: enable ntpd
  action: service name=ntpd enabled=true state=started
